May 9, 2012

Last week I release Bauer-Puntu Linux 12.04. In this latest encantation of my mildly popular Xubuntu based linux distro I encluded a few more tools to help protect your privacy. I did this mainly because of a lot of new "cyber security" and anti-piracy bills that are being introduced in congress that are slowly stripping away our rights as Americans. Rights that we all thought were protected under the Bill of Rights. Protections from things like unreasonable searches and seizures, and from violations of free speech. Many of the things I added involve encryption.

I've had more than one person tell me, "Why bother? They're the government, if they want your data, they will get it." Is that a fact? Well, an article from Tech World from back in June 2010 begs to differ. In their article entitled FBI Hackers Fail To Crack TrueCrypt they say:

The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation.

The Bureau had been called in by the Brazilian authorities after the country's own National Institute of Criminology (INC) had been unable to crack the passphrases used to secure the drives by suspect banker, Daniel Dantas.

The article also said:

Brazilian reports state that two programs were used to encrypt the drives, one of which was the popular and widely-used free open source program TrueCrypt. Experts in both countries apparently spent months trying to discover the passphrases using a dictionary attack, a technique that involves trying out large numbers of possible character combinations until the correct sequence is found.

Is TrueCrypt available in Bauer-Puntu 12.04? Not this time, sorry. i forgot to add it, but if you are running Bauer-Puntu, or pretty much any operating system for that matter, TrueCrypt is very easy to install. Bauer-Puntu does offer easy to use plugins that work with GnuPG, the open source implementation of the OpenPGP standard which has also given the FBI a run for their money in the past. In an article from back in 2003 from PCWorld, the FBI and Italian police had issues breaking emails encrypted with PGP on PDA's used by suspected terrorists.

From that post:

Italian police have seized at least two Psion personal digital assistants from members of the Red Brigades terrorist organization. But the major investigative breakthrough they were hoping for as a result of the information contained on the devices has failed to materialize--thwarted by encryption software used by the left-wing revolutionaries.

Failure to crack the code, despite the reported assistance of U.S. Federal Bureau of Investigation computer experts, puts a spotlight on the controversy over the wide availability of powerful encryption tools.

I guess it all makes sense now why the FBI is now calling on Congress to pass even more rights restricting laws that will require software companies to provide back doors to the Governnment. In a recent article from the Washington Post:

The FBI is requesting backdoors into the social sites and communication services that Americans use every single day, CNET reported Friday. (Backdoors are means of bypassing normal security and encryption protections to easily access databases and servers. The term is commonly used to describe viruses or Trojans that hackers use to access computer systems.)

The reason the FBI is seeking this increase in observing capability: Wiretaps are increasingly useless. The staple of television crime drama for decades, and one of law enforcement’s principal ways of surveilling citizens suspected of crimes, wiretaps no longer work. Why? Fewer people are using regular landlines for communication. And cell phones are increasingly smartphones, which are used more for data than for voice communications. So the modes of communication that the existing wiretap law covers are becoming archaic. Wiretaps will soon be a thing of the past … unless the US government can extend the same principles into online communications.

The point of this post is that encryption DOES work! If the government wants to strip away our rights, and turn this country into a Big Brother state, I say why make it easy on them? If CISPA passes I will be terminating all of my social media accounts, and will require people that want to email me personally to use PGP encryption. I don't care how mundane my communications normally are, I don't want Uncle Sam sticking his nose in it.

What's your take on all of this? Do you use encryption? Are you going to start? If not, why not? If the FBI can't crack this stuff, does that mean the NSA can't as well? Let us know your thoughts in the comments.